Commit c328da59 authored by Jacob Priddy's avatar Jacob Priddy 👌

Map my authorizer to gate and get guards working

Also update email in default saml for admin user
parent d9bebae5
Pipeline #12490 failed with stages
in 3 minutes and 3 seconds
......@@ -103,7 +103,7 @@ $config = [
'first_name' => ['Sheev'],
'last_name' => ['Palpatine'],
'emplid' => ['order66'],
'email' => ['sithL0rd@senate.com']
'email' => ['admin@admin.user']
]
],
......
......@@ -123,4 +123,12 @@ class ApiGuard implements Guard
return $presenter->getViewModel();
}
/**
* @return bool
*/
public function viaRemember(): bool
{
return false;
}
}
......@@ -15,22 +15,6 @@ abstract class ApiController extends Controller
*/
protected int $status = 200;
/**
* @var \Illuminate\Http\Request
*/
protected Request $request;
/**
* @var \Source\Authorization\Authorizer
*/
protected Authorizer $authorizer;
public function __construct(Request $request, Authorizer $authorizer)
{
$this->request = $request;
$this->authorizer = $authorizer;
}
/**
* @param int $code
*/
......
......@@ -2,6 +2,8 @@
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Source\Authorization\Authorizer;
use Illuminate\Foundation\Bus\DispatchesJobs;
use Illuminate\Routing\Controller as BaseController;
use Illuminate\Foundation\Validation\ValidatesRequests;
......@@ -10,4 +12,20 @@ use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
class Controller extends BaseController
{
use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
/**
* @var \Source\Authorization\Authorizer
*/
protected Authorizer $authorizer;
/**
* @var \Illuminate\Http\Request
*/
protected Request $request;
public function __construct(Request $request, Authorizer $authorizer)
{
$this->request = $request;
$this->authorizer = $authorizer;
}
}
......@@ -2,12 +2,14 @@
namespace App\Http\Controllers\Web;
use Illuminate\View\View;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
class LoginController extends Controller
class MeController extends Controller
{
public function index(): string
public function index(Request $request): View
{
return 'hi';
return view('home');
}
}
......@@ -5,6 +5,10 @@ namespace App\Providers;
use App\Guards\ApiGuard;
use App\Guards\DoorGuard;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Gate;
use Source\Authorization\Authorizer;
use Source\Authorization\Permissions;
use Illuminate\Contracts\Auth\Authenticatable;
use Source\UseCases\Token\Authenticate\AuthenticateUseCase;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Source\UseCases\Door\Authenticate\AuthenticateUseCase as DoorAuthenticateUseCase;
......@@ -12,23 +16,22 @@ use Source\UseCases\Door\Authenticate\AuthenticateUseCase as DoorAuthenticateUse
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
* Register any authentication / authorization services.
*
* @var array
* @param \Source\Authorization\Authorizer $authorizer
*/
protected $policies = [
// 'App\Model' => 'App\Policies\ModelPolicy',
];
public function boot(Authorizer $authorizer): void
{
$this->registerGuards();
$this->registerGateMapping($authorizer);
}
/**
* Register any authentication / authorization services.
*
* @return void
* Registers application guards
*/
public function boot()
protected function registerGuards(): void
{
$this->registerPolicies();
// Define guard for the api
Auth::extend(
'api',
......@@ -45,4 +48,22 @@ class AuthServiceProvider extends ServiceProvider
}
);
}
/**
* Maps laravel's gate functionality to my authorizer
*
* @param \Source\Authorization\Authorizer $authorizer
*/
protected function registerGateMapping(Authorizer $authorizer): void
{
$reflection = new \ReflectionClass(Permissions::class);
foreach ($reflection->getConstants() as $permission) {
Gate::define($permission, static function (Authenticatable $user) use ($permission, $authorizer): bool {
$authorizer->setCurrentUserId($user->getAuthIdentifier());
return $authorizer->allows($permission);
});
}
}
}
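Review bot: In `registerGateMapping`, every gate closure calls `$authorizer->setCurrentUserId(...)` on the single Authorizer instance captured at boot, so each gate check overwrites that object's notion of the current user. If the container injects the same instance into controllers (the binding is not visible here), a check made for a different user, for example through `Gate::forUser()`, would leave later `$authorizer->allows()` calls evaluating that other user's permissions. Prefer a permission check that takes the user id as an argument, or resolve a fresh Authorizer inside the closure, so the gate has no side effect on shared state. `getConstants()` also registers every constant on `Permissions` as an ability, so a comment on that class such as `// Every constant here is registered as a Gate ability` would guard against a non-permission constant being added by accident.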
......@@ -97,7 +97,7 @@ class RouteServiceProvider extends ServiceProvider
*/
protected function mapFrontendRoutes(): void
{
Route::middleware(['web', 'auth'])
Route::middleware(['web', 'auth:api'])
->namespace($this->namespace)
->group(base_path('routes/frontend.php'));
}
......
@extends('layouts.base')
@section('title', 'Home')
@section('content')
<p>
hello
</p>
@endsection
......@@ -17,24 +17,29 @@
</button>
<div class="collapse navbar-collapse" id="navbarCollapse">
<ul class="navbar-nav mr-auto">
<li class="nav-item">
<li class="nav-item mr-2">
<a class="nav-link" href="#">About</a>
</li>
<li class="nav-item">
<li class="nav-item mr-2">
<a class="nav-link" href="/api/docs/">Api Docs</a>
</li>
{{-- @auth('admin')--}}
{{-- <li class="nav-item">--}}
{{-- <a class="nav-link" href="#">Admin Panel</a>--}}
{{-- </li>--}}
{{-- @endauth--}}
@can(\Source\Authorization\Permissions::ADMIN)
<li class="nav-item">
<a class="nav-link" href="#">Admin Panel</a>
</li>
@endauth
</ul>
<div class="mr-5">
<span class="text-white-50">
{{-- {{ auth()->user()->displayName() }}--}}
Hello, Name
<div class="mr-5 d-flex flex-row">
<span class="text-white-50 my-2 mr-5">
Hello, {{ auth()->user()->first_name }}
</span>
<ul class="navbar-nav">
<li class="nav-item">
<a class="nav-link" href="{{ route('saml.logout') }}">Logout</a>
</li>
</ul>
</div>
</div>
</nav>
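Review bot: The new `@can(\Source\Authorization\Permissions::ADMIN)` block is closed with `@endauth`, apparently left over from the commented-out `@auth('admin')` block it replaces; it should be `@endcan` so the directive pair matches and the block's extent is not misread later. `{{ auth()->user()->first_name }}` also dereferences the user without a null check, so rendering this layout for a request with no authenticated user raises an error; `{{ optional(auth()->user())->first_name }}` keeps the layout safe if it is ever reused outside the `auth:api` group. The `@can` check only hides the link, so the admin routes themselves still need a server-side permission check. The navbar markup starts above this hunk.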
......
<!DOCTYPE html>
<html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Laravel</title>
<!-- Fonts -->
<link href="https://fonts.googleapis.com/css?family=Nunito:200,600" rel="stylesheet">
<!-- Styles -->
<style>
html, body {
background-color: #fff;
color: #636b6f;
font-family: 'Nunito', sans-serif;
font-weight: 200;
height: 100vh;
margin: 0;
}
.full-height {
height: 100vh;
}
.flex-center {
align-items: center;
display: flex;
justify-content: center;
}
.position-ref {
position: relative;
}
.top-right {
position: absolute;
right: 10px;
top: 18px;
}
.content {
text-align: center;
}
.title {
font-size: 84px;
}
.links > a {
color: #636b6f;
padding: 0 25px;
font-size: 13px;
font-weight: 600;
letter-spacing: .1rem;
text-decoration: none;
text-transform: uppercase;
}
.m-b-md {
margin-bottom: 30px;
}
</style>
</head>
<body>
<div class="flex-center position-ref full-height">
@if (Route::has('login'))
<div class="top-right links">
@auth
<a href="{{ url('/home') }}">Home</a>
@else
<a href="{{ route('login') }}">Login</a>
@if (Route::has('register'))
<a href="{{ route('register') }}">Register</a>
@endif
@endauth
</div>
@endif
<div class="content">
<div class="title m-b-md">
Laravel
</div>
<div class="links">
<a href="https://laravel.com/docs">Docs</a>
<a href="https://laracasts.com">Laracasts</a>
<a href="https://laravel-news.com">News</a>
<a href="https://blog.laravel.com">Blog</a>
<a href="https://nova.laravel.com">Nova</a>
<a href="https://forge.laravel.com">Forge</a>
<a href="https://vapor.laravel.com">Vapor</a>
<a href="https://github.com/laravel/laravel">GitHub</a>
</div>
</div>
</div>
</body>
</html>
<?php
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\Web\LoginController;
use App\Http\Controllers\Web\MeController;
/*
|--------------------------------------------------------------------------
......@@ -14,6 +14,4 @@ use App\Http\Controllers\Web\LoginController;
|
*/
//Route::get('/', [LoginController::class, 'index'])->name('web.home');
Route::view('/', 'welcome');
Route::view('/base', 'layouts.base');
Route::get('/', [MeController::class, 'index'])->name('web.index');
......@@ -10,7 +10,6 @@ class Permissions
public const MANAGE_DOORS = 'manage-doors';
public const MANAGE_GROUPS = 'manage-groups';
public const CODE_QUERY = 'code-query';
public const CURRENT_USER = 'current-user';
public const LOGS_READ = 'logs-read';
public const DOOR_COMMANDER = 'door-commander';
}
......@@ -2,6 +2,7 @@
namespace Source\UseCases\Groups\UpdateGroup;
use ReflectionClass;
use Source\Entities\Group;
use Source\Authorization\Permissions;
use Source\Gateways\Groups\GroupsRepository;
......@@ -24,6 +25,7 @@ class UpdateGroup implements UpdateGroupUseCase
/**
* @inheritDoc
* @throws \Source\Exceptions\EntityExistsException
*/
public function update(string $groupId, array $attributes, Presenter $presenter): void
{
......@@ -33,8 +35,7 @@ class UpdateGroup implements UpdateGroupUseCase
throw new EntityNotFoundException();
}
$reflection = new \ReflectionClass(Permissions::class);
$reflection = new ReflectionClass(Permissions::class);
if (in_array($group->getTitle(), $reflection->getConstants(), true)) {
// Cannot modify default permission group title
......
......@@ -334,12 +334,11 @@ class AuthorizerTest extends TestCase
*/
public function it_gets_permissions(): void
{
$this->createUserWithPerms([Permissions::LOGS_READ, Permissions::MANAGE_DOORS, Permissions::CODE_QUERY, Permissions::CURRENT_USER]);
$this->createUserWithPerms([Permissions::LOGS_READ, Permissions::MANAGE_DOORS, Permissions::CODE_QUERY]);
$this->assertEquals([
Permissions::MANAGE_DOORS,
Permissions::CODE_QUERY,
Permissions::CURRENT_USER,
Permissions::LOGS_READ,
], $this->authorizer->getPermissions());
}
......